You would just need to make sure your private key was in the .ssh dir in the home directory of whatever user is sending the backups to the backup server.
So, if you’re having Virtualmin send the backups to your server, you’d need to make sure the private key was in the root users home directory.
To test that – log into your server as root, and make sure you’re then able to SSH into your backup server without a key.
I’m feeling kind of dopey today - it’s not working for me. In particular, my goal is to use scp to transfer a backup of a domain from old-host.com to new-host.comas described here.
Here’s what I am doing…
On old-host.com, I used the Virtualmin Terminal to create a public/private key with ssh-keygen -t rsa -b 4096 This creates a file id_rsa.pub for root@old-host.com
I cat this file and copy all the lines
On new-host.com, I use Virtualmin Terminal to cd .ssh and paste those lines to the end of authorized_keys (It was initially empty.)
I go back to old-host.com, and attempt: ssh root@new-host.com and am prompted to enter my password. This tells me that the SSH public key isn’t working.
Things that may be going wrong:
On both old-host.com and new-host.com, I created a deploy user with sudo access that I use to admin the servers. I use this login both for SSH and for logging into Virtualmin
On both hosts, I disabled root login (PermitRootLogin no in /etc/ssh/sshd_config)
On both hosts, I also disabled password login (PasswordAuthentication no in /etc/ssh/sshd_config)
On both hosts, Virtualmin is running at root (the Virtualmin Terminal shows ‘root’ for the whoami command)
I suspect the problem is the prohibition of root login. I also suspect that I could simply turn off that prohibition on new-host.com for the duration of this experiment, and re-enable when I’m done.
But there are so many variables here, I thought I would appeal to people who are smarter than me to minimize my flailing about. Thanks for your thoughts.
Use scp to copy the id_rsa.pub (public key) to 192.168.0.51 (Server B, Backup) as authorized_keys file, this is know as “installing the public key to server”.
You will interact with Server B ssh authentication during this process. Proceed to answer yes and enter the correct password to complete the scp process.
Once completed, test the installed key by ssh’ing into Server B like below:
ssh 192.168.0.51
If you done it correctly, you will now be in Server B shell (No password is requested!). Exit from Server B.
After that you only need to setup like this your backup and it works
Ubuntu blocks the root login when first set up so unless you have given yourself access to login as root you will not be able to complete the scp command suggested, as it will require you to log in as root in order to copy the keys.
It appears that you copied the text of the key from .ssh/id_rsa.pub and put it into the /root/.ssh/authorized_keys file.
If it is in there you should now be able to go to terminal in your first server and type something like ssh new-host.com
Assuming you are logged into Webmin as root this should log you into the new server.
I don’t think you have to put the root@ in front of new-host.com
However, both appear to work on mine.
I just copied and pasted the text from the id_rsa.pub file from my main server to the authorized_keys file of my backup server.
You might want to check the file to ensure the whole thing got copied properly. Mine starts with
ssh-rsa AAAAB3NzaC1yc2EAA
and ends with
WuRRudkBb root@main.server.net
In Webmin > Servers > SSH Server > Authentication, you set how you allow logins.
Default is like in the image, and backup works as suppose to do.
If you want to use only SSH keys, Permit logins with empty passwords selected on yes (if you don’t use a password, is an empty password, but you must set allow login by root as only with RSA auth).
If you Allow logins by root yes and password, you only need to put root password on backup form.
